CCPA is Here to Stay: Leading Industry Experts Offer Insights on CCPA Compliance and Data Privacy Best Practices
It’s been over 45 days since CCPA has been in effect … This article features CCPA insights from industry leaders.
PwC recently quipped that the CCPA is the beginning of “America’s GDPR.” Yet the two are not the same.
In a recent report, Silverbullet stated that almost half of UK CMOs (45%) estimate poor data handling risks costing their business between £250,000 and £5m every year, with the average amount being £370,000 annually. Clearly, companies need far better expertise in-house to handle privacy-related operations and compliance management. Today, a greater number of CMOs believe they have the skills they need within the business to manage data effectively (79%), but just 27% say the industry is ‘ahead of the game’ in having the skills needed to deal with customer data privacy.
CCPA Is Now Law, But Consumers Aren’t Feeling More Privacy
Now that the California Consumer Privacy Act (CCPA) has taken effect and organizations have had a little over a month to adjust, businesses are beginning to understand its impact and import. For organizations collecting, processing or purchasing data on California residents, CCPA provides critical guidance on regulatory compliance. From the management of data collection to the disclosure of financial incentives and record maintenance, the comprehensive act provides insights into all areas of protecting California residents’ consumer rights.
Looker’s Chief Privacy and Data Ethics Officer, Barbara Lawler said,
“Transparency is central, but so is a public commitment to ethical data practices, tools, and data governance. As a starting point, businesses, more specifically, the people — data analysts to chief data officers — need tools as a means to analyze the data in their own databases, minimize sprawl, and reduce the risk of breach or misuse. We should be expecting data governance at machine speed.”
While the CCPA’s passing makes California the first state in the U.S. to enact such a law, companies operating in the European Union (EU) have spent the past year and a half accommodating the rules set in place by the General Data Protection Regulation (GDPR). While both sets of regulations involve data protection, businesses subject to the CCPA may have additional obligations under it. These nuances help tailor the guidelines to residents and their specific needs, something in which other states are seeing the value.
California is home to a significant portion of the companies working in the tech industry, but the customers they serve reside nationally as well as locally. It’s only a matter of time before organizations across the country are considering not only the compliance regulations of their own states but also how those regulations compare to those of other entities.
As the effects of CCPA continue to unfold, leading industry experts are discussing the importance of taking data privacy seriously, offering advice on how businesses should continue to comply with CCPA and providing insight into some of the best practices in data privacy.
Build Your IT Resilience to Meet CCPA Compliance
Avi Raichel, CIO, Zerto said —
“Now that CCPA has been in effect for more than a month, it’s important to remember that a big piece to the compliance puzzle is reporting, and with today’s advancements in IT resilience solutions, reporting should no longer be the headache it once was. If it is, then you may want to reconsider the tools you’re using. Your analytics should be able to provide at least a 90-day history of your protected multi-site, multi-cloud environments’ health and compliance. Furthermore, you shouldn’t have to perform more than just a couple of clicks to produce a report that proves your infrastructure is resilient and protected. Of all the things you need to think about to stay CCPA-compliant, don’t let reporting be the piece that holds you back.”
CCPA will Have a Long-Standing Impact on the US Privacy Landscape
Wendy Foote, Senior contracts manager, WhiteHat Security stated —
“Although the CCPA will be good for consumers, affected companies will have to make a significant effort to implement the requirements. It has added yet another variance in the patchwork of divergent U.S. data protection laws that companies already struggle to reconcile. The CCPA is the first law of its kind in the U.S., and it could set a precedent for other states. And because it applies to most companies who do business with individuals residing in California, the sweeping new law promises to have a major impact on the privacy landscape not only in California but the entire country.
The passage of a cohesive U.S. federal privacy law, one that will preempt state laws, is gaining momentum. It has strong bipartisan congressional support, and several large companies from a variety of industry sectors have come out in favor of it, some even releasing their own proposals. There are draft bills in circulation. With a new class of representatives sworn into Congress earlier this year and the CCPA effectively putting a deadline on the debate, there may finally be a national resolution to the U.S. consumer data privacy problem. However, the likelihood of it passing in the very near future is slim.
A single privacy framework must include flexibility and scalability to accommodate differences in size, complexity, and data needs of companies that will be subject to the law. It will take several months of negotiation among lawmakers to agree upon how the federal law would be implemented. While companies wait for the passage of national privacy law and then for it to actually take effect, they must continue to monitor developments in both state and federal privacy law and adapt as necessary.”
How Do Cloud-hosted Solutions and Infrastructures Plan to Deal with CCPA?
Lex Boost, CEO, Leaseweb USA, spoke to us about how the California Consumer Privacy Act (CCPA) is set to become the gold standard in privacy, data protection, and consumer protection rights in California, and maybe even the United States.
Lex said, “It (CCPA) will be the first of its kind in privacy regulation within the US, similar to what the GDPR is to the European Union. The act allows consumers to have greater control over their data, now that data companies must comply with these new regulations. The implementation of the CCPA establishes a trend in governments evaluating and seriously considering better legislation for protecting data. It is important that all companies are committed to ensuring that personal data and privacy remain protected and used in accordance with the CCPA.
From a cloud hosting perspective, striving to meet new compliance and privacy regulations is challenging when managing cloud infrastructures. In order to ensure you are in compliance with increasingly stringent data protection legislation, it is important that you utilize a team of professionals who can provide guidance on managing data to stay within the law. Hosting providers that have experience with GDPR and have done their due diligence around CCPA will be essential as organizations seek out the in-depth knowledge that will allow them to maximize their data usage while taking the important steps to remain compliant.”
CCPA Must Be Flexible and Evolve Over Time, Too
Sam Humphries, Senior product marketing manager, Exabeam said,
“Now that we’re officially in 2020, and the California Consumer Privacy Act (CCPA) law is in effect, it’s a good time to recall the lessons that earlier privacy regulations, like the EU’s GDPR, previously imparted. In all of its good intentions, it is still early days for the GDPR. Therefore, it has not yet been a silver bullet in safeguarding consumer privacy. Possibly the most salient point is that as a security issue, consumer privacy will continue to evolve. Because of this, newer laws and regulations, like CCPA, must be flexible and evolve over time, too. We already see this happening in the UK, with the ePrivacy Regulation, which aims to put specific responsibilities around provisions that the GDPR treated more generally.
Regardless of how much CCPA is intended to protect consumers, it remains to be seen how tolerant they will be at dealing once again with the extra ‘clicks’ and notifications that come with consent-based security measures.”
Storage Solutions Must Meet Data Protection Laws
Mihir Shah, CEO of StorCentric, the parent company of Nexsan, says:
“Data and its security are incredibly valuable to any and all organizations, and now even more so with the California Consumer Privacy Act (CCPA). For the best strategy to become compliant with this new regulation, a key feature of a storage solution should be data protection. Not all storage systems will protect data from integrity issues or silent data corruption. Not to mention, insufficient storage systems lack the ability to complete real-time audits for integrity checks.”
“With CCPA being in full effect, it is critical to ensure that an organization’s system will never overwrite an original file, and will keep the original intact so that nothing, including malware, can alter that data. For all organizations feeling the effects of the CCPA, seeking out storage systems that offer unmatched visibility into user activity via comprehensive audit trails, data retention, data destruction policies and more, is undoubtedly a critical change that needs to be undertaken sooner rather than later.”
Data Simplicity and Ease-Of-Use Are the Main Focus in 2020
Alan Conboy, Office of the CTO, Scale Computing said,
“Following the implementation of GDPR, the California Consumer Privacy Act (CCPA) is the newest regulation expected to help organizations manage and maintain data compliance, ensuring personal information is kept safe, and not shared or sold to other organizations. With technology innovation growing and expanding at a rapid pace, one way IT professionals are able to abide by the CCPA is by designing solutions with data protection in mind. With the CCPA now officially in effect, organizations should look to set in place an IT infrastructure that is stable and secure, with data simplicity and ease-of-use as the main focus.”
Ian James, founder and CEO, Silverbullet, comments: “With data misuse hitting the national headlines regularly, consumers are now acutely aware of just how valuable their data is, and have woken up to the fact it’s being used on an industrial scale. What started with the Cambridge Analytica scandal has snowballed through GDPR, high profile breaches and documentaries like ‘The Great Hack.’ Today, you’d be hard-pushed to find a consumer that didn’t have some awareness of their data and opinion on how it should be used.
It’s vital that marketers continue to respond to this.
Almost two years on from GDPR and months after the ICO released a clear warning to businesses operating in the AdTech space, there should be established skills in-house to manage data compliantly and tap into all of its potential. Especially as we enter 2020, where there will be more regulations implemented and a crackdown on third-party cookies.”